CVE-2026-26342 - Tattile Smart+ / Vega / Basic <= 1.181.5 insufficient session token expiration

CVE ID : CVE-2026-26342 Published : Feb. 24, 2026, 8:27 p.m. | 5 minutes ago Description : Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...